If you want to log an event in any of the event log files, then you can do that using eventcreate command. Logging an event helps the system administrators to trace out things if something has not worked in an expected way. Using this command, we can create a custom event with custom id and description. And we can log the event in any of the event log files(System, Application, Security etc). This post attempts to explain the usage of the eventcreate command.
We need to pass certain parameters while creating an event. The basic ones are listed below.
/Id : Event id
/D : Event description
/T: Event type(can be any of error, information, success or warning)
/L : Event log file name
The syntax for creating an event from windows command line is as follows.
eventcreate /Id eventid /D eventDescription /T eventType /L eventLogfileName
Create an event in System log file with an id 500 and with the description – ‘windows auto update failed. Could not download the install files’
C:\>eventcreate /Id 500 /D “windows auto update failed. Could not download the install files” /T ERROR /L system
SUCCESS: An event of type ‘ERROR’ was created with ‘system’ as the log.
After running the command, I find the below entry in the system log in event viewer(eventvwr.msc)
Specify source for the event:
You can specify how the event is generated by adding source information. This can be specified using /SO option. In the above example, if we want to specify the event source as ‘Windows update’, the command would be as below.
C:\>eventcreate /SO "Windows Update" /Id 500 /D "windows auto update failed. Could not download the install files" /T ERROR /L system
Create events on a remote system:
We can use eventcreate command to log events on remote computers also. We can specify the remote system details with /S (remote computer name/IP), /U (username) /p (password).
The below command creates an event on the system ‘10.192.10.10’.
C:\>eventcreate /S 10.192.10.10 /U administrator /P password /SO "Windows Update" /Id 500 /D "windows auto update failed. Could not download the install files" /T ERROR /L System SUCCESS: An event of type 'ERROR' was created in the 'System' log with 'Windows Update' as the source. C:\>